Chapter 7 in CompTIA Security +


1 Chapter 7 in CompTIA Security +
Unit 7 Seminar – Chapter 7 in CompTIA Security+
Course Name – IT Introduction to Network Security
Instructor – Jan McDanolds, MS
Contact Information: AIM – JMcDanolds
Office Hours: Wednesday 9:00 PM ET and Thursday 5:00 PM ET

2 What we covered last week…
Unit 6 Review – What we covered last week…
Securing the Network and Environment
Understanding Physical and Network Security – three-layer security model, perimeter, security zones, access control, EMI and RFI shielding, fire suppression, etc.
Understanding Social Engineering
Understanding Business Continuity Planning (BCP) – requirements to plan ahead (example: the current problems in Japan)
Developing Policies, Standards, and Guidelines
Working with Security Standards and ISO 17799
Classifying Information – who has access to data and how that access is granted

3 Cryptography Basics, Methods and Standards
Chapter 7 Overview – Cryptography Basics, Methods and Standards
Agenda:
An Overview of Cryptography
Understanding Cryptographic Algorithms
Using Cryptographic Systems
Using Public Key Infrastructure
Preparing for Cryptographic Attacks
Understanding Cryptography Standards and Protocols
Understanding Key Management and Key Life Cycle
FUN with numbers…

4 Fun with Cryptography Use of ROT 13
Chapter 7 Fun with Cryptography – Use of ROT 13
Caesar's method is an encryption scheme that shifts (rotates) the alphabet. A mapping of “a to b”, “b to c”, etc. is termed ROT 1 because each letter is shifted (rotated) by one place; ROT 13 shifts by 13. Because 13 is half of the 26-letter alphabet, applying ROT 13 twice restores the original text, so the same step both encodes and decodes, and there is no key to keep secret. (Diagram by Wiktor K. Macura.) Field Trip…..

5 Who does this stuff today?
Chapter 7 Who does this stuff today? RSA (pg 347 in our text)
RSA was founded by (and named after) Ron Rivest, Adi Shamir and Leonard Adleman, the inventors of the RSA public key algorithm. (See them in a video – 10 minutes – history of public key.) Tuesday, Feb 15 Opening Ceremonies – Giants Among Us.
The RSA algorithm – the most widely used public key cryptosystem, deployed in more than one billion applications worldwide. 25 years of innovation, now owned by EMC.
RSA SecurID 700 Authenticator – time-synchronous authentication. RSA SecurID® tokens provide time-synchronous two-factor authentication that verifies a user’s identity: the token and the authentication server derive the same one-time code from a shared seed and the current time, and the user presents that code together with a PIN.

6 Who does this stuff today?
Chapter 7 Who does this stuff today? RSA (cont)
Best Practices to prevent data loss:
1. Understand what data is most sensitive to your business
2. Know where this sensitive data resides
3. Understand your risk model
4. Select the appropriate controls based on policy, risk, and where sensitive data resides
5. Manage security centrally
6. Audit security to constantly improve
March 2011: Announced that Jericho Systems has a contract with the US Government and will use RSA products for FIPS compliance. Federal Information Processing Standards Publications (FIPS PUBS). “Jericho Systems Corporation creates automated decisioning software, which is primarily used to secure access to data in service oriented architectures (SOAs).”

7 Who does this stuff today?
Chapter 7 Who does this stuff today? VeriSign
VeriSign Authentication Services, now part of Symantec Corp. (NASDAQ: SYMC), provides solutions that allow companies and consumers to engage in communications and commerce online with confidence. More than one million web servers use SSL certificates.
Verisign.com – VeriSign’s identity and authentication business includes the Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service.
Example: Price: 1-year certificate $
Client system requirements: S/MIME compliant client such as Microsoft Outlook, Outlook Express, Mozilla Thunderbird or Apple Mail

8 Who does this stuff today?
Chapter 7 Who does this stuff today? Others: Thawte, GeoTrust, Digicert
Comparison of costs (different warranty may apply):
Digicert – SSL Plus, 1 Year: $144
VeriSign – Secure Site, 1 Year: $399
GeoTrust – True BusinessID®, 1 Year: $199
Thawte – SSL Web Server P, 1 Year: $299

9 An Overview of Cryptography
Chapter 7 An Overview of Cryptography
Understanding Physical Cryptography – 3 types: substitution, transposition, and steganography
Understanding Mathematical Cryptography – applying mathematical functions to the message, for example converting it to a numeric hash value
Understanding Quantum Cryptography – rests on the Heisenberg Uncertainty Principle: the act of measuring a quantum state changes it, so an eavesdropper who reads the photons of a quantum key exchange leaves detectable errors behind
Uncovering the Myth of Unbreakable Codes

10 Understanding Physical Cryptography
Chapter 7 Understanding Physical Cryptography – three approaches:
Substitution ciphers – change a character into another. Issues: not that secure; the letter frequencies of the language survive in the ciphertext, so frequency analysis recovers the mapping, and a plain shift such as ROT 13 has only 26 possible keys.
Transposition ciphers – scrambling letters in a specific pattern: rail fence, grid, columns. Issues: decoding requires prior knowledge or transmission of the pattern, and because the letters are only moved, the ciphertext has exactly the same letter counts as the plaintext.
Steganography – hiding one message inside another: a picture, graphics, a shopping list. Issues: decoding requires prior knowledge of the hiding method, and the whole secret rests on that method staying unknown.
Hybrid – the Enigma machine – WWII rotor machine that chained several substitutions and advanced them on every keypress (a polyalphabetic substitution).
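The substitution and transposition families above, together with the ROT 13 slide earlier, as an added worked example in Go (this is not code from the slides or the course text): a Caesar/ROT-n rotation with ROT 13 as the self-inverse case, a rail-fence transposition with its decoder, and a key-free break of the Caesar cipher that scores all 26 shifts against published English letter frequencies, which is the "alphabet frequencies" weakness the slide names. The sample sentence is the one from the Unit 7 assignment; the frequency table and the chi-squared scoring are standard tools chosen for this example, not taken from the slides.

```go
package main

import (
	"math"
	"strings"
)

// rotate shifts every ASCII letter by n places (ROT 1, ROT 13, ...); other characters pass through.
func rotate(s string, n int) string {
	n = ((n % 26) + 26) % 26 // normalise so that rotate(s, -k) undoes rotate(s, k)
	return strings.Map(func(r rune) rune {
		switch {
		case r >= 'a' && r <= 'z':
			return 'a' + (r-'a'+rune(n))%26
		case r >= 'A' && r <= 'Z':
			return 'A' + (r-'A'+rune(n))%26
		}
		return r // digits, spaces and punctuation are left unchanged
	}, s)
}

// rot13 is its own inverse: two 13-shifts make a full 26-letter turn, so one call encodes and decodes.
func rot13(s string) string { return rotate(s, 13) }

// Published English letter frequencies in percent, a..z (a standard table, not from the slides).
var englishFreq = [26]float64{8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
	6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074}

// chiSquared scores how far the letter counts of s are from English; lower means more English-like.
func chiSquared(s string) float64 {
	var counts [26]float64
	total := 0.0
	for _, r := range strings.ToLower(s) {
		if r >= 'a' && r <= 'z' { counts[r-'a']++; total++ }
	}
	if total == 0 { return math.Inf(1) }
	score := 0.0
	for i, pct := range englishFreq {
		expected := pct / 100 * total
		score += (counts[i] - expected) * (counts[i] - expected) / expected
	}
	return score
}

// breakCaesar needs no key: only 26 shifts exist, so try them all and keep the most English-looking result.
func breakCaesar(ciphertext string) (shift int, plaintext string) {
	best := math.Inf(1)
	for k := 0; k < 26; k++ {
		candidate := rotate(ciphertext, -k)
		if score := chiSquared(candidate); score < best {
			best, shift, plaintext = score, k, candidate
		}
	}
	return shift, plaintext
}

// rail returns the row that position i lands on when text is written zig-zag over `rails` rows.
func rail(i, rails int) int {
	if rails < 2 { return 0 }
	p := i % (2*rails - 2) // one zig-zag period: down the rows and back up, without repeating the turns
	if p >= rails {
		p = 2*rails - 2 - p
	}
	return p
}

// railOrder lists byte positions in the order a rail fence reads them: all of row 0, then row 1, and so on.
func railOrder(n, rails int) []int {
	order := make([]int, 0, n)
	for r := 0; r < rails; r++ {
		for i := 0; i < n; i++ {
			if rail(i, rails) == r { order = append(order, i) }
		}
	}
	return order
}

// railFenceEncrypt is a transposition: every letter keeps its identity and only changes position,
// so a frequency count of the ciphertext still matches the plaintext exactly.
func railFenceEncrypt(s string, rails int) string {
	out := make([]byte, len(s))
	for j, i := range railOrder(len(s), rails) {
		out[j] = s[i]
	}
	return string(out)
}

// railFenceDecrypt needs the rail count the sender used; that shared pattern is the whole key.
func railFenceDecrypt(ct string, rails int) string {
	out := make([]byte, len(ct))
	for j, i := range railOrder(len(ct), rails) {
		out[i] = ct[j]
	}
	return string(out)
}
```

Usage: `rot13("Hello, World!")` gives `Uryyb, Jbeyq!` and applying `rot13` again gives the original back; `breakCaesar(rotate(sentence, 7))` returns shift 7 and the sentence without ever being told the key; `railFenceEncrypt("WEAREDISCOVEREDFLEEATONCE", 3)` gives the textbook `WECRLTEERDSOEEFEAOCAIVDEN`, and the decoder only works if it is handed the same rail count.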

11 Understanding Cryptographic Algorithms
Chapter 7 Understanding Cryptographic Algorithms
The Science of Hashing: converting a message of any length into a fixed-size numeric value. A hash is a one-way function; there is no “two-way hash”, since a transformation that can be reversed with a key is encryption, not hashing.
Password hash – “An MD5 hash is NOT encryption. It is simply a fingerprint of the given input. However, it is a one-way transaction and as such it is almost impossible to reverse engineer an MD5 hash to retrieve the original string.” Caveat: one-way does not mean unrecoverable. Attackers do not reverse the hash; they hash guesses (word lists, rainbow tables) until one matches, which is why password hashes must be salted and deliberately slow. MD5 is also broken for collisions and should not be used in new designs.
Examples: Secure Hash Algorithm (SHA; SHA-1, now being superseded by the SHA-2 family such as SHA-256) ensures integrity. Message Digest Algorithm (MD, now MD5) represents text as a single number string.
Symmetric Algorithms: DES, AES, AES256, 3DES, CAST, RC, Blowfish, IDEA
Asymmetric Algorithms: RSA, Diffie-Hellman, ECC, El Gamal
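The hashing points above, as an added example in Go (not code from the slides or the course text): MD5 and SHA-256 fingerprints of the same input, the avalanche effect (one changed letter flips roughly half of the output bits), an HMAC tag that gives the origin check a bare hash cannot, PBKDF2 written out so the salt and iteration steps are visible, and a dictionary recovery of an unsalted SHA-256 password hash. The `shared-secret` key, the four-word word list and the salt strings are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// md5Hex and sha256Hex: fixed-length fingerprints (128 and 256 bits) of input of any length.
func md5Hex(data string) string    { s := md5.Sum([]byte(data)); return hex.EncodeToString(s[:]) }
func sha256Hex(data string) string { s := sha256.Sum256([]byte(data)); return hex.EncodeToString(s[:]) }

// differingBits counts the bit positions where two equal-length digests differ (the avalanche effect).
func differingBits(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// hmacTag binds a message to a secret key. A plain hash proves nothing about origin, because whoever
// changes the message can simply recompute the hash; an HMAC cannot be recomputed without the key.
func hmacTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// verifyTag compares in constant time so the comparison itself does not leak how many bytes matched.
func verifyTag(key, msg, tag []byte) bool { return hmac.Equal(hmacTag(key, msg), tag) }

// pbkdf2Sha256 is RFC 2898 PBKDF2 with HMAC-SHA256 as the PRF, written out so the salt and the
// iteration count are visible: the salt makes identical passwords hash differently, the iterations
// make every guess cost the attacker as much as it costs the server. Use a vetted library in production.
func pbkdf2Sha256(password, salt []byte, iters, dkLen int) []byte {
	out := make([]byte, 0, dkLen)
	for block := uint32(1); len(out) < dkLen; block++ {
		idx := make([]byte, 4)
		binary.BigEndian.PutUint32(idx, block)
		u := hmacTag(password, append(append([]byte{}, salt...), idx...)) // U1 = PRF(P, S || INT(i))
		t := append([]byte{}, u...)
		for i := 1; i < iters; i++ {
			u = hmacTag(password, u) // Uj = PRF(P, Uj-1);  T = U1 xor U2 xor ... xor Uc
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// crackUnsalted shows why "cannot be reversed" is not "cannot be recovered": nobody inverts the hash,
// they hash candidate passwords until one matches the stolen value.
func crackUnsalted(targetHex string, wordlist []string) (string, bool) {
	for _, w := range wordlist {
		if sha256Hex(w) == targetHex {
			return w, true
		}
	}
	return "", false
}

func main() {
	fmt.Println("md5(abc)    =", md5Hex("abc"))
	fmt.Println("sha256(abc) =", sha256Hex("abc"))
	a, b := sha256.Sum256([]byte("abc")), sha256.Sum256([]byte("abd"))
	fmt.Println("bits changed by a one-letter edit:", differingBits(a[:], b[:]), "of 256")

	key := []byte("shared-secret") // constructed demo key
	tag := hmacTag(key, []byte("transfer 100"))
	fmt.Println("tag ok:", verifyTag(key, []byte("transfer 100"), tag), " tampered:", verifyTag(key, []byte("transfer 900"), tag))

	words := []string{"letmein", "123456", "password", "qwerty"} // constructed word list
	fmt.Println(crackUnsalted(sha256Hex("password"), words))

	k1 := pbkdf2Sha256([]byte("password"), []byte("salt-A"), 10000, 32)
	k2 := pbkdf2Sha256([]byte("password"), []byte("salt-B"), 10000, 32)
	fmt.Println("same password, two salts, equal hashes?", hex.EncodeToString(k1) == hex.EncodeToString(k2))
}
```

The PBKDF2 routine reproduces the published test vector for password `password`, salt `salt`, one iteration (derived key `120fb6cf…be17b`), so it can be checked against any library implementation; the iteration count used in practice is in the hundreds of thousands, and bcrypt, scrypt or Argon2 are the usual choices for new systems.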

12 Working with Symmetric Algorithms
Chapter 7 Working with Symmetric Algorithms
Both ends of the transmission use the same secret key and algorithm. The strength of symmetric key encryption depends on the size of the key used (given an algorithm with no shortcut weaker than trying every key).
Examples (standard key sizes):
RC (RC2/RC4/RC5/RC6) – variable key length
DES – 56-bit key (64-bit block; 8 of the 64 key bits are parity)
3DES – 168-bit key (three DES keys)
AES – 128, 192 or 256 bits
IDEA – 128 bits
CAST-128 – up to 128 bits (CAST256 uses a 256-bit key)
AES – three key sizes: 128, 192 and 256 bits. In decimal terms, this means there are approximately: 3.4 × 10^38 possible 128-bit keys; 6.2 × 10^57 possible 192-bit keys; and 1.1 × 10^77 possible 256-bit keys.

13 Working with Asymmetric Algorithms
Chapter 7 Working with Asymmetric Algorithms
Two Keys – A message encrypted with the public key can only be decrypted by applying the same algorithm with the matching private key (this gives confidentiality). OR, a message encrypted with the private key can only be decrypted with the matching public key; this direction is what a digital signature is, since anyone can check it but only the holder of the private key could have produced it. Public keys can be sent over the Internet, but the receiver still needs a way, normally a certificate, to know whose public key it is.
The problem with asymmetric encryption is that it is slower than symmetric encryption, requiring more processing power to both encrypt and decrypt the content of the message. In practice the two are combined: asymmetric encryption protects a short symmetric session key, and that key encrypts the bulk of the message.
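The symmetric and asymmetric slides put together, as an added example in Go (not code from the slides or the course text): AES-256-GCM with the same key at both ends for the bulk data, then RSA-2048 OAEP to wrap only the 32-byte session key, which is how TLS, S/MIME and PGP avoid the speed problem the slide raises. The key pair is generated on the fly and the messages are constructed; a 2048-bit RSA key with OAEP/SHA-256 can encrypt at most 190 bytes directly, which is why the bulk data never goes through RSA.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what travels over the network: bulk data under AES-GCM plus the AES key wrapped with RSA.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(recipient public key, session key)
	Nonce      []byte // 96-bit GCM nonce, fresh for every message
	Ciphertext []byte // AES-GCM output with the 16-byte authentication tag appended
}

// newKeyPair generates the recipient's RSA-2048 key pair; the public half may be published freely.
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// symmetricSeal: the same key on both ends. A nonce must never repeat under one key, so it is random per call.
func symmetricSeal(key, plaintext []byte) (nonce, ct []byte, err error) {
	block, err := aes.NewCipher(key) // the key length (16/24/32 bytes) selects AES-128/192/256
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, nil), nil
}

// symmetricOpen fails on a wrong key or any modified byte, because GCM checks its tag before releasing plaintext.
func symmetricOpen(key, nonce, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil)
}

// hybridEncrypt uses the fast symmetric cipher for the data and the slow asymmetric one for only 32 bytes.
func hybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32) // AES-256 session key, used for this one message
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	nonce, ct, err := symmetricSeal(key, plaintext)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// hybridDecrypt: only the matching private key unwraps the session key; everything after that is symmetric.
func hybridDecrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return symmetricOpen(key, env.Nonce, env.Ciphertext)
}

func main() {
	recipient, err := newKeyPair()
	if err != nil {
		panic(err)
	}
	msg := make([]byte, 1<<20) // 1 MiB of constructed data, far beyond what RSA can encrypt directly
	env, err := hybridEncrypt(&recipient.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	out, err := hybridDecrypt(recipient, env)
	fmt.Println("round trip ok:", err == nil && len(out) == len(msg))
	// RSA-2048 with OAEP/SHA-256 tops out at 256 - 2*32 - 2 = 190 bytes per operation.
	_, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &recipient.PublicKey, msg[:191], nil)
	fmt.Println("direct RSA of 191 bytes:", err)
}
```

Decrypting with any other private key fails inside `DecryptOAEP`, and flipping one ciphertext byte fails inside `gcm.Open`; neither failure leaks partial plaintext.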

14 Using Cryptographic Systems
Chapter 7 Using Cryptographic Systems
Confidentiality: preventing unauthorized disclosure
Integrity: providing assurance that the data was not modified during transmission
Digital Signatures: validate the integrity of the message and the identity of the sender
Authentication: verifying the authenticity of the sender – they are who they say they are
Non-Repudiation: proof of origin or receipt – prevents one party from denying an action; it requires something only that party could have produced (a digital signature under their private key), which a secret shared with the other side cannot provide, since either side could have made it
Access Control: preventing unauthorized access
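Digital signatures next to a shared-key MAC, as an added example in Go (not code from the slides or the course text): sign with the private key, verify with the public key, and see why an HMAC, which both parties can compute, gives integrity and authentication between them but cannot give non-repudiation towards a third party. The names Alice and Mallory, the order text and the shared secret are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer holds one party's key pair. Only the private half signs, and it never leaves its owner.
type Signer struct{ priv *rsa.PrivateKey }

func newSigner() (*Signer, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: k}, nil
}

// Public is the half that gets published (normally inside an X.509 certificate).
func (s *Signer) Public() *rsa.PublicKey { return &s.priv.PublicKey }

// Sign hashes the message and signs the digest with RSA-PSS. PSS salts every signature randomly,
// so signing the same message twice gives different bytes that both verify.
func (s *Signer) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, s.priv, crypto.SHA256, digest[:], nil)
}

// Verify needs only the public key, so any third party can check who signed. That is what makes the
// signature evidence the signer cannot later repudiate.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// mac is the shared-key alternative. It gives integrity and authentication between the two holders of
// sharedKey, but because either of them could have produced the tag it proves nothing to a judge.
func mac(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

func main() {
	alice, err := newSigner()
	if err != nil {
		panic(err)
	}
	order := []byte("buy 100 shares") // constructed message
	sig, _ := alice.Sign(order)
	fmt.Println("verifies with Alice's public key:", Verify(alice.Public(), order, sig))
	fmt.Println("after tampering:", Verify(alice.Public(), []byte("buy 900 shares"), sig))
	mallory, _ := newSigner()
	fmt.Println("verifies with someone else's key:", Verify(mallory.Public(), order, sig))
	shared := []byte("key-both-sides-hold") // constructed shared secret
	fmt.Println("receiver can forge the MAC itself:", hmac.Equal(mac(shared, order), mac(shared, order)))
}
```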

15 Using Public Key Infrastructure
Chapter 7 Using Public Key Infrastructure
Using a Certificate Authority
Working with RAs and LRAs
Implementing Certificates
Understanding Certificate Revocation
Implementing Trust Models

16 Cryptographic Attacks
Chapter 7 Cryptographic Attacks
Attacking the keys:
“Weak Key Attack” – some algorithms have keys that behave degenerately (DES has keys whose 16 round keys are all identical, so encrypting twice returns the plaintext); an implementation must refuse them
“Birthday Attack” – finding any two inputs with the same n-bit hash takes about 2^(n/2) work rather than 2^n, so a hash must be twice as long as the security level wanted
Attacking the algorithm:
“Mathematical attack” – exploiting structure in the algorithm to do better than trying every key
Intercepting the transmissions – capturing ciphertext, or the key exchange itself, in transit
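Two of those attacks as an added example in Go (not code from the slides or the course text): a birthday collision search against a truncated SHA-256 that succeeds in roughly 2^(n/2) tries, and the DES weak key `0x0101010101010101`, under which encrypting twice returns the plaintext. The candidate message strings and the probe block are constructed.

```go
package main

import (
	"crypto/des"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// truncatedHash keeps only the top `bitsN` bits (1..64) of SHA-256, standing in for any short digest.
func truncatedHash(msg []byte, bitsN int) uint64 {
	sum := sha256.Sum256(msg)
	return binary.BigEndian.Uint64(sum[:8]) >> (64 - bitsN)
}

// birthdayCollision finds two different messages with the same short digest. The attacker does not
// target one particular value (2^n work); any pair that matches will do, and that takes ~2^(n/2) tries.
func birthdayCollision(bitsN int) (a, b []byte, tries int) {
	seen := make(map[uint64][]byte)
	for i := 0; ; i++ {
		msg := []byte(fmt.Sprintf("constructed message %d", i)) // deterministic candidates
		h := truncatedHash(msg, bitsN)
		if prev, ok := seen[h]; ok {
			return prev, msg, i + 1
		}
		seen[h] = msg
	}
}

// desWeakKey is one of the four DES weak keys: its key schedule yields 16 identical round keys,
// so the encryption and decryption directions of the Feistel network become the same operation.
var desWeakKey = []byte{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}

// doubleEncrypt runs one 8-byte block through DES twice under the same key.
func doubleEncrypt(key, block []byte) ([]byte, error) {
	c, err := des.NewCipher(key) // Go does not reject weak keys; a careful caller has to
	if err != nil {
		return nil, err
	}
	out := make([]byte, 8)
	c.Encrypt(out, block)
	c.Encrypt(out, out)
	return out, nil
}

// isDESWeak tests the defining property directly: E_k(E_k(x)) == x for a probe block.
func isDESWeak(key []byte) bool {
	probe := []byte("8bytes!!")
	out, err := doubleEncrypt(key, probe)
	return err == nil && string(out) == string(probe)
}

func main() {
	a, b, tries := birthdayCollision(32)
	fmt.Printf("32-bit collision after %d tries (2^32 = %d): %q %q\n", tries, uint64(1)<<32, a, b)
	normal := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	fmt.Println("weak key:", isDESWeak(desWeakKey), " normal key:", isDESWeak(normal))
}
```

A 32-bit digest has 4.3 billion possible values, yet the search typically finishes in under 100,000 tries; the same arithmetic is why 128-bit MD5 offers only 64-bit collision resistance at best.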

17 Cryptography Standards and Protocols
Chapter 7 Cryptography Standards and Protocols
Origins of Encryption Standards
PKIX/PKCS
X.509
SSL and TLS
CMP
S/MIME
SET
SSH

18 Cryptography Standards and Protocols (cont.)
Chapter 7 Cryptography Standards and Protocols (cont.)
PGP
HTTPS
S-HTTP
IPSec
Tunneling Protocols
FIPS
Common Criteria
WTLS
WEP
ISO 17799

19 Key Management and the Key Life Cycle
Chapter 7 Key Management and the Key Life Cycle
Comparing Centralized/Decentralized Key Generation
Storing and Distributing Keys
Using Key Escrow
Key Expiration – Revoking Keys, Suspending Keys
Recovering and Archiving Keys
Renewing Keys
Destroying Keys
Key Usage
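A key ring that walks through the life cycle above, as an added example in Go (not code from the slides or the course text): generate, use, retire on rotation, re-encrypt under the new key, then destroy the old one, with the key version stored and authenticated in every ciphertext header. The `Keyring` type, its three states and the 32-byte AES-GCM keys are this example's own design rather than any product or standard; a real deployment keeps the material in an HSM or key-management service and adds escrow or archiving before the destroy step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Life-cycle states: a key moves Active -> Retired -> Destroyed and never back.
type keyState int

const (
	Active    keyState = iota // may encrypt and decrypt
	Retired                   // rotated out or expired: decrypt only, so existing data stays readable
	Destroyed                 // material wiped; anything encrypted only under this version is gone
)

type keyRecord struct {
	material []byte
	state    keyState
}

// Keyring is a tiny centralised key manager: every key has a version number and a life-cycle state.
type Keyring struct {
	keys    map[uint32]*keyRecord
	current uint32
}

func NewKeyring() *Keyring { return &Keyring{keys: map[uint32]*keyRecord{}} }

// Generate creates a fresh 256-bit key version and makes it the only Active one; the previous one is Retired.
func (k *Keyring) Generate() (uint32, error) {
	material := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, material); err != nil { return 0, err }
	if cur, ok := k.keys[k.current]; ok && cur.state == Active { cur.state = Retired }
	k.current++
	k.keys[k.current] = &keyRecord{material: material, state: Active}
	return k.current, nil
}

// Destroy zeroes the material. Archive or re-encrypt first: nothing under this version is readable afterwards.
func (k *Keyring) Destroy(version uint32) {
	if rec, ok := k.keys[version]; ok {
		for i := range rec.material { rec.material[i] = 0 }
		rec.material, rec.state = nil, Destroyed
	}
}

func (k *Keyring) gcmFor(version uint32) (cipher.AEAD, error) {
	rec := k.keys[version]
	if rec == nil || rec.state == Destroyed { return nil, fmt.Errorf("key version %d is not available", version) }
	block, err := aes.NewCipher(rec.material)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Encrypt always uses the Active key. Layout: 4-byte version || 12-byte nonce || AES-GCM ciphertext+tag.
// The version header is authenticated as additional data, so it cannot be re-pointed at another key.
func (k *Keyring) Encrypt(plaintext []byte) ([]byte, error) {
	if rec := k.keys[k.current]; rec == nil || rec.state != Active { return nil, errors.New("no active key") }
	gcm, err := k.gcmFor(k.current)
	if err != nil { return nil, err }
	hdr := make([]byte, 4)
	binary.BigEndian.PutUint32(hdr, k.current)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	return gcm.Seal(append(hdr, nonce...), nonce, plaintext, hdr), nil
}

// Version reads which key version a ciphertext was produced under.
func Version(blob []byte) uint32 { return binary.BigEndian.Uint32(blob[:4]) }

// Decrypt resolves the header version: Retired keys still decrypt, Destroyed ones refuse.
func (k *Keyring) Decrypt(blob []byte) ([]byte, error) {
	if len(blob) < 4+12 { return nil, errors.New("ciphertext too short") }
	gcm, err := k.gcmFor(Version(blob))
	if err != nil { return nil, err }
	ns := gcm.NonceSize()
	return gcm.Open(nil, blob[4:4+ns], blob[4+ns:], blob[:4])
}

// Rotate is the life cycle in one step: new version, re-encrypt existing data under it, destroy the old key.
func (k *Keyring) Rotate(blobs [][]byte) ([][]byte, error) {
	old := k.current
	if _, err := k.Generate(); err != nil { return nil, err }
	out := make([][]byte, len(blobs))
	for i, b := range blobs {
		pt, err := k.Decrypt(b) // the old version is Retired, so it is still readable here
		if err != nil { return nil, err }
		if out[i], err = k.Encrypt(pt); err != nil { return nil, err }
	}
	k.Destroy(old)
	return out, nil
}

func main() {
	kr := NewKeyring()
	kr.Generate()
	record, _ := kr.Encrypt([]byte("constructed customer record"))
	rotated, _ := kr.Rotate([][]byte{record})
	_, oldErr := kr.Decrypt(record)
	pt, newErr := kr.Decrypt(rotated[0])
	fmt.Printf("v%d after rotation: %s (%v); v%d: %v\n", Version(rotated[0]), pt, newErr, Version(record), oldErr)
}
```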

20 UNIT 7 Project Assignment
Chapter 7 UNIT 7 Project Assignment – Download the Unit 7 Rubric
1. Using the rot13 encoding algorithm, encode the following sentence: it is very important for network administrators to understand physical cryptography
2. Explain each of the following key cryptography concepts: key management, symmetric and asymmetric keys, non-repudiation and digital signatures
3. Compare DES and AES, their advantages and disadvantages for use.
4. Explain the following core concepts of public key cryptography: PKI, Public and Private Keys, and trust models.

